Hi everyone,
First time posting, but have been reading plenty of your posts! I'm setting up Samba with LDAP using JumpCloud's directory as a service. JumpCloud will only work with either SSL or TLS enabled in Samba. When I enable Samba with the LDAP backend I'm getting an error:
Leading me to look at the output from systemctl status:
smbd.service - Samba SMB Daemon
Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2018-04-15 14:42:20 BST; 3min 9s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Process: 4831 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE)
Main PID: 4831 (code=exited, status=1/FAILURE)
Status: "Starting process..."
Apr 15 14:42:20 phoenix smbd[4831]: add_new_domain_info: Adding new domain
Apr 15 14:42:20 phoenix smbd[4831]: [2018/04/15 14:42:20.601860, 5, pid=4831, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1485(smbl
Apr 15 14:42:20 phoenix smbd[4831]: smbldap_add: dn => [sambaDomainName=PHOENIX,o=*************REMOVED************,dc=jumpcloud,dc=com]
Apr 15 14:42:20 phoenix smbd[4831]: [2018/04/15 14:42:20.630532, 1, pid=4831, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap_util.c:
Apr 15 14:42:20 phoenix smbd[4831]: add_new_domain_info: failed to add domain dn= sambaDomainName=PHOENIX,o=*************REMOVED************,dc=jump
Apr 15 14:42:20 phoenix smbd[4831]: unknown
Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Main process exited, code=exited, status=1/FAILURE
Apr 15 14:42:20 phoenix systemd[1]: Failed to start Samba SMB Daemon.
Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Unit entered failed state.
Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Failed with result 'exit-code'.
and journalctl (key lines only):
Apr 15 14:42:20 phoenix smbd[4831]: add_new_domain_info: failed to add domain dn= sambaDomainName=PHOENIX,o=*************REMOVED************,dc=jumpcloud,dc=com with: Referral
Apr 15 14:42:20 phoenix smbd[4831]: smbldap_search_domain_info: Adding domain info for PHOENIX failed with NT_STATUS_UNSUCCESSFUL
Apr 15 14:42:20 phoenix smbd[4831]: pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
Apr 15 14:42:20 phoenix smbd[4831]: pdb backend ldapsam:ldaps://ldap.jumpcloud.com:636 did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
Apr 15 14:42:20 phoenix systemd[1]: Failed to start Samba SMB Daemon.
-- Subject: Unit smbd.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit smbd.service has failed.
--
-- The result is failed.
Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Unit entered failed state.
Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Failed with result 'exit-code'.
I also had a look at the smb.conf file once I had attempted to enable Samba with LDAP:
[global]
server string = %h
ldap admin dn = uid=ldaps,ou=Users,o=*************REMOVED************,dc=jumpcloud,dc=com
ldap group suffix = ou=Users
ldap passwd sync = yes
ldap ssl = no
ldap suffix = o=*************REMOVED************,dc=jumpcloud,dc=com
ldap user suffix = ou=Users
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 10
syslog only = Yes
panic action = /usr/share/samba/panic-action %d
disable spoolss = Yes
load printers = No
printcap name = /dev/null
client min protocol = SMB2
pam password change = Yes
passdb backend = ldapsam:ldaps://ldap.jumpcloud.com:636
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
security = USER
socket options = TCP_NODELAY IPTOS_LOWDELAY
dns proxy = No
ldapsam:trusted = no
idmap config * : backend = tdb
printing = bsd
create mask = 0777
directory mask = 0777
aio read size = 16384
aio write size = 16384
use sendfile = Yes
[OFFICESHARE]
path = /srv/dev-disk-by-label-DATA/OFFICESHARE
hide special files = Yes
create mask = 0664
directory mask = 0775
force create mode = 0664
force directory mode = 0775
inherit acls = Yes
inherit permissions = Yes
read only = No
[homes]
comment = Home directories
hide special files = Yes
create mask = 0600
directory mask = 0700
force create mode = 0600
force directory mode = 0700
read only = No
valid users = %S
I think the key line in this is
I cannot edit this in smb.conf since the file gets overwritten and there is no option for changing this to
in the Samba settings page. FYI, LDAP is working and populating the users page in the webgui, and also returning users correctly using getent passwd.
Anybody got any thoughts?
Thanks for any help!
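
Whether the LDAP connection in a config like the one posted above is actually encrypted can be checked mechanically. This is an added example, not part of the original post and not Samba's own code: it classifies the ldapsam transport from the `[global]` section, following the two mechanisms smb.conf(5) documents (an `ldaps://` URI in `passdb backend`, or `ldap ssl = start tls`). The function names and the `EXAMPLEORG` placeholder are assumptions.

```python
import re

# Constructed sample: LDAP-related lines from the posted smb.conf; the redacted
# organisation id is replaced by the placeholder EXAMPLEORG.
SAMPLE_CONF = """\
[global]
ldap ssl = no
ldap suffix = o=EXAMPLEORG,dc=jumpcloud,dc=com
passdb backend = ldapsam:ldaps://ldap.jumpcloud.com:636
[homes]
valid users = %S
"""

def parse_global(text):
    """Return [global] parameters keyed the way Samba compares names:
    case-insensitive, with whitespace inside the name ignored."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def ldap_transport(params):
    """Classify the ldapsam connection as 'ldaps', 'starttls', 'cleartext',
    or 'not-ldapsam', reporting the weakest case across all listed URIs."""
    backend = params.get("passdbbackend", "")
    if not backend.lower().startswith("ldapsam"):
        return "not-ldapsam"
    # ldapsam:"uri1 uri2"; with no URI Samba connects to ldap://localhost
    uris = backend[len("ldapsam"):].lstrip(":").strip('"\' ').split()
    uris = uris or ["ldap://localhost"]
    if all(u.lower().startswith("ldaps://") for u in uris):
        return "ldaps"  # TLS comes from the URI scheme, whatever ldap ssl says
    # smb.conf(5) documents "start tls" as the default value of ldap ssl
    mode = params.get("ldapssl", "start tls").lower().replace("_", " ")
    mode = " ".join(mode.split())
    return "starttls" if mode == "start tls" else "cleartext"

if __name__ == "__main__":
    print(ldap_transport(parse_global(SAMPLE_CONF)))
```

Running `testparm -s` and feeding its output to `parse_global` checks the configuration Samba actually loads rather than the file on disk.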